Note: VMware Server was declared End Of Availability on January 2010,
support will be limited to Technical Guidance for the duration
of the support term."

The major vulnerability in regard to ESXi is "OS Command Injection in
VMware Tools update". This vulnerability could allow a user on the VM
Host to inject a command into a Guest through the VMWare Tools.

Users of the VMware software should update to the latest patch revision.